README

一个简单的 Drupal OpenID Connect 模块。

安装

composer require itk-dev/itkdev_openid_connect_drupal
vendor/bin/drush pm:enable itkdev_openid_connect_drupal

配置

$config['itkdev_openid_connect_drupal']['authenticators']['generic'] = [
  // Optional name.
  'name' => 'Azure B2C',
  // Optional. Default: FALSE
  'show_on_login_form' => TRUE,

  // Optional. Redirect after login (default: <front>)
  'default_location' => '/content',

  // Optional. Default: FALSE
  'debug => TRUE,

  // Required OpenID Connect Discovery url (cf. https://swagger.org.cn/docs/specification/authentication/openid-connect-discovery/)
  'openid_connect_discovery_url' => …,
  // Required client id.
  'client_id' => …,
  // Required client secret.
  'client_secret' => …,

  // Required map from user field to claim name.
  'fields' => [
    // Mapping `name` is required.
    'name' => 'upn',
    // Mapping `mail` is required.
    'mail' => 'email',

    // Additional user fields.
    'field_first_name' => 'given_name',
    'field_last_name' => 'family_name',

    // Mapping `roles` is optional, but recommended.
    'roles' => 'role',
  ],

  'roles => [
    // Optional map from OpenID role name to list of Drupal role (machine) names (or a single name).
    'map' => [
      'admin' => ['administrator', 'user_manager'],
      'user' => 'authenticated',
    ],

    // Optional default Drupal role (machine) names that users will always get.
    'default => [
      'employee',
    ],
  ],
];

$config['itkdev_openid_connect_drupal']['authenticators']['userid'] = [
  'openid_connect_discovery_url' => …,
  'client_id' => …,
  'client_secret' => …,
  …,
  'default_roles' => [
    'user',
  ],
];

使用方法

要使用定义的认证器之一进行身份验证，必须将用户发送到 /itkdev_openid_connect_drupal/authenticate/«key»，其中 «key» 是在配置中定义的认证器之一（例如，上述示例中的 generic 或 userid）。

使用类似以下代码生成认证 URL：

Url::fromRoute('itkdev_openid_connect_drupal.openid_connect, ['key' => $key])

开发

编码标准

composer install
composer coding-standards-check
composer coding-standards-apply